Google Play Store too is not spared from stealthy Cryptomining Codes

Admittedly, there is a gold rush to mine cryptocurrency and the fact that Bitcoin hit its highest value yet only serves to add more fuel to this growing craze. Miners have resorted to throwing ethics out of the Windows and it seems as long as the end justifies the means, they will even hack into your own device to help them mine these cryptocurrencies.

Unsuspecting users who innocently visit certain sites online get codes stealthily implanted locally on their system, which then harnesses their CPU processing power to help hackers mine cryptocurrencies. A number of sites that have been reported to be doing this include Pirate Bay among others.

Emerging news now show even mobile devices’ CPUs are also not spared. The hackers have stealthily implanted codes (JavaScript scripts) into mobile applications found on Google Play. Trend Micro made this discovery and zeroed in on two categories of malicious apps on Play Store, the ANDROIDOS_JSMINER, and ANDROIDOS_CPUMINER.

Trend Micro went further to elaborate that they detected ANDROIDOS_JSMINER in unsuspecting apps like the rosary app, Recitiamo Santo Rosario Free and another wireless app, SafetyNet Wireless App.

When a user installs and runs the said apps, they loaded the JavaScript code created by Coinhive, and started mining using the Coinhive site key. The user will experience an unusually high CPU usage just like how a computer compromised with the Coinhive mining code behaves. As for ANDROIDOS_CPUMINER, Trend Micro says the detected it on a wallpaper app, Car Wallpaper HD.

Trend Micro reached out to Google and the affected apps were pulled down from the Play Store. Then again, that raises the question, how many other apps out there in the Play Store have been compromised and have not yet come to the attention of neither Google nor any other security company?

That leaves you (the user) at a big risk of having your mobile device compromised by cryptocurrencies miners. You need therefore to become pro-active in your own device’s security and as far as stealthy codes being implanted on your device to mine. Going forward, you will need to start checking your CPU usage, if it is unusually high, then you need to investigate for a possible infestation of apps with these JavaScript codes for mining.